This article rocks and will allow me to have one less things to integrate. Thank you soo much.

...that in the downloads of the article is a helper to authenticate against ActiveDirectory as a real example.

And thanks for that comment!

Glad to be helpful (even more if there are some ISA servers to be replaced as a side effect of the article :-D).

Excellent article. My company is working on providing Internet pre-paid system to miners who are in the middle of nowhere. The only backhaul we have is Satellite, so we have to treasure our bandwidth. We are tinkling with NoCat at the moment. This article opens up a new possibility of a whole new system all together. Of course, we have to think of how to block all traffics that squid cannot proxy, or else there will be holes in this system (`iptables' to the rescue!). Also, how to tunnel other traffics via HTTP.

hi
first thank you for your nice article . I have a problem with the script
when i want to run it ( /bin/php /etc/squid/script.php)
it says :

Constant STDIN already defined in /etc/squid/script.php on line 3

please help me.
best regards

i have problem when using this document. this is the error :
The basicauthenticator helpers are crashing too rapidly, need help!

sounds like your program is crashing right after squid starts it (or them, if you have many children). Did you test it as a standalone console application before using it with squid to see that it receives the username/password pair and replies with OK/ERR in an infinite cycle?

first tanx for your answer ; I have delete that line and now my script( ofcourse yours ) is like this

<?
while (!feof(STDIN)) {
$line = trim(fgets(STDIN));
$fields = explode(' ', $line);
$username = rawurldecode($fields[0]); //1738
$password = rawurldecode($fields[1]); //1738
if ($username == 'hello'
and $password == 'world') {
fwrite(STDOUT, "OK\n");
} else if ($username == 'fo'
and $password == 'bar') {
fwrite(STDOUT, "OK\n");
} else {
// failed miserably
fwrite(STDOUT, "ERR\n");
}
}
?>

and now result of excuting /bin/php script.php is :(of course when i enter a string)

PHP Notice: Undefined offset: 1 in /omid/omid.php on line 10
ERR

any suggestion ?

Why don't you email me? I just copied (verbatim) your script and tried it over here and it worked:

$ php prueba.php
hello world
OK
foo
ERR
foo bar
ERR
fo bar
OK
it's ok
ERR

Maybe the problem is here:
$ php -version
PHP 5.2.3-1ubuntu2 (cli) (built: Jul 4 2007 16:13:07)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Anyway, email me so we can take a closer look at what's going on. eantoranz at google's public mail service, you know, right? :-D

The problem is the define call. I have the fopen() right in the define, and it fails that way. If you do the fopen and save the result in a temporary variable, it works.

Try with this:

if (! defined(STDIN)) {
$temp = fopen("php://stdin", "r");
define("STDIN", $temp);
}

It worked with version 5.1.2 that way.

It worked with 5.2.3 the original way... I guess it's a bug in 5.1.2

Thanks for your wonderful article. I am having problems with your script. I believe it is due to the fact that my windows 2003 AD requires authentication to do any LDAP binds. I have another php LDAP application that connects to my AD successfully as it has a variable to configure a user account to connect to the AD with.

Can you please tell me how I can edit your script to bind to ldap using a username and password?

thanks

Ahmed, in the article's attachments, there's a PHP script that authenticates against AD through LDAP, and it binds to AD using the username/password provided by squid. Are you having problems with that script? Email me if you have any problems: eantoranz at gmail dot com.

Thanks a lot for your nice article and for writing for the freesoftwaremagazine.

In many environments the transmission of usernames and passwords as cleartext is not acceptable.

Do you haven an idea of how to solve this problem an transmit the authorization data between client and proxy encrypted?

Regards.
Tobias

Contacted Mr. Carmona today concerning the PHP script that authenticates against AD through LDAP. It no longer appears to be in the downloadable section of this article. I made mention of this in my email and requested help if he could provide.

I barely got the email sent before he responded. Not only did he respond he sent me the code after a very short time. Plus he said if I needed more help just email him.

Very impressed.

Tis my opinion the world needs more like him. Thanks for sharing this and thanks for all the help

Hi everyone,

I am a web designer and I have limited linux knowledge but I have set up two linux boxes.

One that runs a Voip system and another running Squid.

I have managed to get NCSA authentication working on the Squid proxy server but what bothers me is, that, the NCSA authentication method allows the same username and password to make simulataneous multiple logins which I don't want.

I need to write an authentication helper to restrict logins to one machine per session. Can anyone help me with this?

Kind Regards and Seasons Greetings!

Danbo

If you install Squid on Windows Server (2000/2003) and your requirement is simple, it is easier to use mswin_auth.exe provided in libexec.

Then you can login to Squid using your windows login id and password.

Check out mswin_auth.exe in libexec folder.

Thanks for the article. For a squid rookie like me the perfect entry point. As I intend to use squid mainly for elaborate authentication and logging purposes could you (or someone) tell me
-if there's a way to define a chain of authentication helpers and
-if there's a way to define a logging helper?

thanks a lot jens

First of all thanks for your article. For me as a rookie it was a good entry point.
As i want to use squid mainly for authentication and logging there are two questions left: Is there a way to define a chain of authentication helpers? Can i define a logging helper in the same way as a authentication helper? Thanks for any clue,
jens